This disclosure relates generally to electronic protection of data and, more particularly, to systems and computer program products that generate and verify hash values.
Networked and other publicly accessible computer systems and data communications are vulnerable to attacks from hackers or other malicious systems. To defend against or prevent such attacks, a variety of network security techniques, such as cryptographic tools, have been developed.
Hash functions are commonly used to, for example, encrypt secret passwords that are used by users to log in to a computer system and to generate digital signatures for user documents, messages, and other sensitive data. A hash function can be viewed as a one-way mathematical function that encrypts data, because, for practical purposes, the data that was input into the hash function cannot be calculated backwards from the resulting hash value.
The hash function may thus receive a plaintext password as an input and generate a unique hash value for that password as an output. A computer system may store only a copy of the password's hash value, so that the password's plaintext is known only to the user. In such an arrangement, when the user enters the plaintext password, the system will calculate a hash value for the entered password and compare the hash value to the stored hash value. If the two hash values match, the computer system will then accept the password and authenticate the user.
To increase the security of the password hash function, a salt value may be used. As known in the art, the salt value is an extra value that may be added to the password that is entered by the user. The salt value may, for example, be a bit string, such as a string of characters, integers or bits generated by a number generator. The hash function will thus compute a hash value based on a combined input of the plaintext password and the salt value. The salt value thereby increases the difficulty for an attacker to calculate backwards the user's plaintext password from the hash value. A salt value may thus be a counter-measure against attacks based on pre-calculated password hash values (so-called “rainbow table” attacks).
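The store-and-compare arrangement and the effect of a salt on pre-calculated hash tables, as an added example that is not part of the original disclosure. SHA-256, the 16-byte salt length, the salt-then-password ordering, and all function names are assumptions chosen for illustration; the sample table is constructed.

```python
from __future__ import annotations

import hashlib
import hmac
import os

SALT_BYTES = 16  # assumed salt length; the text does not specify one


def hash_password(password: str, salt: bytes = b"") -> bytes:
    """Hash the combined input of salt and plaintext password (SHA-256 assumed)."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def enroll(password: str) -> tuple[bytes, bytes]:
    """Return (salt, hash) for storage; the plaintext itself is never stored."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt per password
    return salt, hash_password(password, salt)


def verify(entered: str, salt: bytes, stored_hash: bytes) -> bool:
    """Recompute the hash of the entered password and compare to the stored hash."""
    # compare_digest avoids leaking the mismatch position through timing
    return hmac.compare_digest(hash_password(entered, salt), stored_hash)


def lookup_precomputed(stored_hash: bytes, table: dict[bytes, str]) -> str | None:
    """Model a pre-calculated table: map a stored hash back to a known plaintext."""
    return table.get(stored_hash)


# Constructed sample data: unsalted hashes of a few common passwords.
COMMON = ["123456", "password", "letmein"]
PRECOMPUTED = {hash_password(p): p for p in COMMON}

if __name__ == "__main__":
    unsalted = hash_password("letmein")
    salt, salted = enroll("letmein")
    print("unsalted hash found in table:", lookup_precomputed(unsalted, PRECOMPUTED))
    print("salted hash found in table:  ", lookup_precomputed(salted, PRECOMPUTED))
    print("correct password accepted:   ", verify("letmein", salt, salted))
    print("wrong password accepted:     ", verify("letmeim", salt, salted))
```

The unsalted hash resolves through the table while the salted one does not, yet the salted record still authenticates the correct password because the salt is stored alongside the hash.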
However, in view of the continuing rapid increases that are being achieved in the processing throughput and memory of emerging computer systems, the use of hashing with or without salt values may not provide a sufficient level of security for users' plaintext passwords or other sensitive data.